IN THE CLAIMS 

1. (Original) Apparatus for the secure installation and use of an information 
system having a plurality of nodes, where said plurality of nodes include at least one 
information appliance and at least one security console, comprising: 

at least one data-carrying object containing security-related data; and 

at least one object receptacle that comprises a portion of at least one of said 
nodes, a data-carrying object being inserted into said receptacle for reading-out 
the security-related data for indicating to the information system a desired 
security configuration. 

2. (Original) Apparatus as in claim 1, wherein said data-carrying object stores 
the security-related data in a form that can be read-out by one of an electrical sensor, 
an optical sensor, or a magnetic sensor. 

3. (Original) Apparatus as in claim 1, wherein said data-carrying object 
remains inserted in said receptacle for as long as the security configuration is desired 
to be in effect. 

4. (Original) Apparatus as in claim 1, wherein said data-carrying object is 
temporarily made readable by said receptacle in order to initiate said security 
configuration. 

5. (Original) Apparatus as in claim 1, wherein an information appliance has 
associated therewith at least one corresponding data-carrying object for inserting into 
said receptacle, wherein said receptacle has an output coupled to said security console 
in an information system where the information appliance is intended to be used for 
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indicating that the information appHance is one of a trusted information appliance or 
an untrusted information appliance. 

6. (Original) Apparatus as in claim 1, wherein an information appliance is 
given access to information system resources, including information, by inserting a 
data-carrying object associated with said security console into said receptacle, said 
receptacle having an output that is coupled to said information appliance. 

7. (Original) Apparatus as in claim 1, wherein each of said information 
appliance and said security console have associated therewith at least one 
corresponding data-carrying object, wherein a first receptacle has an output coupled to 
said security console in an information system where the information appliance is 
intended to be used for indicating, from security-related data contained on said data- 
carrying object associated with said information appliance, that the information 
appliance is one that is authorized to fulfil and originate requests for information 
system resources, and wherein a second receptacle has an output coupled to said 
information appliance for indicating, from security-related data contained on said data- 
carrying object associated with said security console, that said security console is 
authorized to fulfil and originate requests for information appliance resources, 
including information. 

8. (Original) Apparatus as in claim 1, wherein said data-carrying objects are 

obtained as a pair, wherein a first receptacle has an output coupled to said security 

console in an information system where the information appliance is intended to be 

used for indicating, from security-related data contained on a first one of said pair of 

data-carrying objects, that the information appliance is one that is authorized to fulfil 

and originate requests for information system resources, and wherein a second 

receptacle has an output coupled to said information appliance for indicating, from 

security-related data contained on a second one of said pair of data-carrying objects, 

that said security console is authorized to fulfil and originate requests for information 

appliance resources, including information. 
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9. (Original) Apparatus as in claim 1 , wherein there are a plurality of said 
receptacles, and wherein an insertion of a data-carrying object into a first receptacle 
indicates different security-related information than inserting the data-carrying object 
into a second receptacle. 

10. (Original) Apparatus as in claim 1, wherein said data-carrying objects are 
obtained as a pair, and wherein data-carrying objects in any given pair are the same 
shape, and no two data-carrying objects not in the same pair are the same shape, 

11. (Original) Apparatus as in claim 1, wherein said data-carrying objects are 
obtained as a pair, and wherein 

data-carrying objects in any given pair are imprinted with a same visible identification 
information, and no two data-carrying objects not in the same pair are imprinted with 
the same visible identification information. 

12. (Original) Apparatus as in claim 1, wherein said data-carrying objects are 
obtained as a pair, and wherein data-carrying objects in any given pair are fashioned 
so as to mechanically join together, and no two data-carrying objects not in the same 
pair will not or are unlikely to mechanically join together. 

13. (Original) Apparatus as in claim 1, wherein data-carrying objects are 
obtained in groups of at least three, and where access to a resource, including 
information, is obtained by providing one subset of data-carrying objects from a group 
to a receptacle associated with a requestor of the resource, and a disjoint set of 
data-carrying objects from the same group is provided to the security console. 

14. (Original) Apparatus as in claim 13, wherein identifications of all 
individual data-carrying objects in the group can be ascertained by viewing the 
security console, even if some subset of the data-carrying objects are provided to a 
receptacle associated with a requestor of the resource. 
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15. (Original) Apparatus as in claim 13, wherein a utilization of different 
disjoint subsets of the data-carrying objects in a group indicates different levels of 
trust to be granted to the requestor with respect to the resource. 

16. (Original) Apparatus as in claim 13, wherein a utilization of different 
disjoint subsets of the data-carrying objects in a group indicates different levels of 
authorization to be granted to the requestor with respect to the resource. 

17. (Original) Apparatus as in claim 13, wherein data-carrying objects in a 
particular group mechanically join together to form an assemblage, where the 
assemblage is adapted to be attached to a device through a single connection. 

18. (Original) Apparatus as in claim 1, in which a newly-obtained information 
appliance is added to a group of authorized information appliances on behalf of a 
principal, by providing a data-carrying object representing the principal to a receptacle 
of the information appliance. 

19. (Original) Apparatus as in claim 18, wherein said data-carrying object 
representing the principal contains data which includes at least one secret known only 
to the principal. 

20. (Original) Apparatus as in claim 19, wherein the secret known only to the 
principal comprises the private half of a public-private key pair associated with an 
asymmetric cryptosystem. 

21. (Original) Apparatus as in claim 1, in which a certain principal, and at least 
one information appliance authorized to act on behalf of the principal, is granted a 
certain level of access to a certain resource by providing, to a receptacle associated 
with an information appliance representing the resource, a data-carrying object 
representing the principal. 
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22. (Original) Apparatus as in claim 21, wherein data contained in the 
data-carrying object representing the principal comprises the public half of a 
public-private key pair associated with an asymmetric cryptosystem. 

23. (Original) Apparatus as in claim 22, in which the data-carrying object 
representing the principal comprises an image of the principal. 

24. (Original) Apparatus as in claim 22, in which the data-carrying object 
representing the principal comprises a computer-readable data portion and an image of 
the principal. 

25. (Original) Apparatus as in claim 24, further comprising a holder for 
holding the computer-readable data portion such that both the computer-readable data 
portion and the image are accessible. 

26. (Original) A method for the secure installation and use of an information 
system having a plurality of nodes, where said plurality of nodes include at least one 
information appliance and at least one security console, comprising steps of: 

providing at least one data-carrying object containing security-related data; and 

inserting the data-carrying object into at least one object receptacle that 
comprises a portion of at least one of the nodes, the data-carrying object being 
inserted into the receptacle for reading-out the security-related data for 
indicating to the information system a desired security configuration. 

27. (Original) A method as in claim 26, wherein the data-carrying object stores 
the security-related data in a form that can be read-out by one of an electrical sensor, 
an optical sensor, or a magnetic sensor. 
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28. (Original) A method as in claim 26, wherein the data-carrying object either 
remains inserted in the receptacle during the operation of the information system, or is 
temporarily inserted in or otherwise made readable by the receptacle either before or 
during the operation of the information system. 

29. (Original) A method as in claim 26, wherein an information appliance has 
associated therewith at least one corresponding data-carrying object for inserting into 
the receptacle, wherein the receptacle has an output coupled to the security console in 
an information system where the information appliance is intended to be used for 
indicating that the information appliance is one of a trusted information appliance or 
an untrusted information appliance. 

30. (Original) A method as in claim 26, wherein an information appliance is 
given access to information system resources, including information, by inserting a 
data-carrying object associated with the security console into the receptacle, the 
receptacle having an output that is coupled to the information appliance. 

31. (Original) A method as in claim 26, wherein each of the information 
appliance and the security console have associated therewith at least one 
corresponding data-carrying object, wherein a first receptacle has an output coupled to 
the security console in an information system where the information appliance is 
intended to be used for indicating, from security-related data contained on the data- 
carrying object associated with the information appliance, that the information 
appliance is one that is authorized to fulfil and originate requests for information 
system resources, and wherein a second receptacle has an output coupled to the 
information appliance for indicating, from security-related data contained on the data- 
carrying object associated with the security console, that the security console is 
authorized to fulfil and originate requests for information appliance resources, 
including information. 
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32. (Original) A method as in claim 26, wherein the data-carrying objects are 
provided as a pair, wherein a first receptacle has an output coupled to the security 
console in an information system where the information appliance is intended to be 
used for indicating, from security-related data contained on a first one of the pair of 
data-carrying objects, that the information appliance is one that is authorized to fulfil 
and originate requests for information system resources, and wherein a second 
receptacle has an output coupled to the information appliance for indicating, from 
security-related data contained on a second one of the pair of data-carrying objects, 
that the security console is authorized to fulfil and originate requests for information 
appliance resources, including information. 

33. (Original) A mediod as in claim 26, wherein there are a plurality of the 
receptacles, and wherein an insertion of a data-carrying object into a first receptacle 
indicates different security-related information than inserting the data-carrying object 
into a second receptacle. 

34. (Original) A method as in claim 26, wherein the data-carrying objects are 
provided as a pair, and wherein data-carrying objects in any given pair are the same 
shape, and no two data-carrying objects not in the same pair are the same shape. 

35. (Original) A method as in claim 26, wherein the data-carrying objects are 
provided as a pair, and wherein data-carrying objects in any given pair are imprinted 
with a same visible identification information, and no two data-carrying objects not in 
the same pair are imprinted with the same visible identification information. 

36. (Original) A method as in claim 26, wherein the data-carrying objects are 
provided as a pair, and wherein data-carrying objects in any given pair are fashioned 
so as to mechanically join together, and no two data-carrying objects not in the same 
pair will not or are unlikely to mechanically join together. 
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37. (Original) A method as in claim 26, wherein data-carrying objects are 
obtained in groups of at least three, and where access to a resource, including 
information, is obtained by providing one subset of data-carrying objects from a group 
to a receptacle associated with a requestor of the resource, and a disjoint set of 
data-carrying objects from the same group is provided to the security console. 

38. (Original) A method as in claim 37, wherein identifications of all 
individual data-carrying objects in the group can be ascertained by viewing the 
security console, even if some subset of the data-carrying objects are provided to a 
receptacle associated with a requestor of the resource. 

39. (Original) A method as in claim 37, wherein a utilization of different 
disjoint subsets of the data-carrying objects in a group indicates different levels of 
trust to be granted to the requestor with respect to the resource. 

40. (Original) A method as in claim 37, wherein a utilization of different 
disjoint subsets of the data-carrying objects in a group indicates different levels of 
authorization to be granted to the requestor with respect to the resource. 

41. (Original) A method as in claim 37, wherein data-carrying objects in a 
particular group mechanically join together to form an assemblage, where the 
assemblage is adapted to be attached to a device through a single connection. 

42. (Original) A method as in claim 26, in which access to the resource is 
denied unless every data-carrying object of the group is inserted into a receptacle. 

43. (Original) A method as in claim 26, and further comprising a step of 
adding a newly-obtained information appliance to a group of authorized information 
appliances, on behalf of a principal, by inserting a data-carrying object representing 
the principal to a receptacle of the information appliance. 
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44. (Original) A method as in claim 43, wherein the data-carrying object 
representing the principal contains data which includes at least one secret known only 
to the principal. 

45. (Original) A method as in claim 44, wherein the secret known only to the 
principal comprises the private half of a public-private key pair associated with an 
asymmetric cryptosystem. 

46. A method as in claim 26, in which a certain principal, and at least one 
information appliance authorized to act on behalf of the principal, is granted a certain 
level of access to a certain resource by inserting, to a receptacle associated with an 
information appliance representing the resource, a data-carrying object representing 
the principal. 

47. (Currently amended) A method as in claim 2446, wherein data contained in 
the data-carrying object representing the principal comprises the public half of a 
public-private key pair associated with an asymmetric cryptosystem. 

48. (Original) A method as in claim 47, in which the data-carrying object 
representing the principal comprises an image of the principal. 

49. (Original) A method as in claim 47, in which the data-carrying object 
representing the principal comprises a computer-readable data portion and an image of 
the principal. 

50. (Original) A method as in claim 49, further comprising a step of providing 
a holder for holding the computer-readable data portion such that both the 
computer-readable data portion and the image are accessible. 

51. (Original) A computer program embodied on a computer-readable medium 
for providing for the secure installation and use of an information system having a 
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plurality of nodes, where said plurality of nodes include at least one information 
appliance and at least one security console, comprising code segments responsive to at 
least one data-carrying object containing security-related data that is inserted into at 
least one object receptacle that comprises a portion of at least one of the nodes, for 
reading-out the security-related data for determining, for the information system, a 
desired security configuration 


11 


